CVE List - 2023 / March
Showing 1301 - 1400 of 2488 CVEs for March 2023 (Page 14 of 25)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-27978 | 2023-03-21 | A CWE-502: Deserialization of Untrusted Data vulnerability exists in the Dashboard module that could cause an interpretation of malicious payload data, potentially leading to remote code execution when an attacker... |
| CVE-2023-27979 | 2023-03-21 | A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists in the Data Server that could allow the renaming of files in the IGSS project report directory, this could lead to... |
| CVE-2023-27980 | 2023-03-21 | A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Data Server TCP interface that could allow the creation of a malicious report file in the IGSS project report... |
| CVE-2023-27981 | 2023-03-21 | A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists in Custom Reports that could cause a remote code execution when a victim tries to open a... |
| CVE-2023-27982 | 2023-03-21 | A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists in the Data Server that could cause manipulation of dashboard files in the IGSS project report directory, when an attacker sends... |
| CVE-2023-27983 | 2023-03-21 | A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Data Server TCP interface that could allow deletion of reports from the IGSS project report directory, this would lead... |
| CVE-2023-27984 | 2023-03-21 | A CWE-20: Improper Input Validation vulnerability exists in Custom Reports that could cause a macro to be executed, potentially leading to remote code execution when a user opens a malicious... |
| CVE-2023-28725 | 2023-03-21 | General Bytes Crypto Application Server (CAS) 20230120, as distributed with General Bytes BATM devices, allows remote attackers to execute arbitrary Java code by uploading a Java application to the /batm/app/admin/standalone/deployments... |
| CVE-2022-42485 | 2023-03-21 | WordPress Gallery with thumbnail slider Plugin <= 6.0 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2022-41831 | 2023-03-21 | WordPress Glossary Plugin <= 3.1.2 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2022-41785 | 2023-03-21 | WordPress Photo Gallery – Image Gallery by Ape Plugin <= 2.2.8 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-1462 | 2023-03-21 | IDOR in Digikent |
| CVE-2016-15029 | 2023-03-21 | Ydalb mapicoin stats.php cross site scripting |
| CVE-2023-1314 | 2023-03-21 | Local Privilege Escalation Vulnerability in cloudflared's Installer |
| CVE-2023-1153 | 2023-03-21 | SQLi in Pacsrapor |
| CVE-2023-1154 | 2023-03-21 | XSS in Pacsrapor |
| CVE-2023-27871 | 2023-03-21 | IBM Aspera Faspex information disclosure |
| CVE-2023-27874 | 2023-03-21 | IBM Aspera Faspex XML external entity injection |
| CVE-2023-27873 | 2023-03-21 | IBM Aspera Faspex information disclosure |
| CVE-2023-25689 | 2023-03-21 | IBM Security Key Lifecycle Manager information disclosure |
| CVE-2023-25924 | 2023-03-21 | IBM Security Key Lifecycle Manager improper authorization |
| CVE-2023-25687 | 2023-03-21 | IBM Security Key Lifecycle Manager information disclosure |
| CVE-2023-25688 | 2023-03-21 | IBM Security Key Lifecycle Manager information disclosure |
| CVE-2023-25923 | 2023-03-21 | IBM Security Key Lifecycle Manager denial of service |
| CVE-2023-28685 | 2023-03-21 | Jenkins AbsInt a³ Plugin 1.1.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. |
| CVE-2023-25686 | 2023-03-21 | IBM Security Key Lifecycle Manager information disclosure |
| CVE-2023-25684 | 2023-03-21 | IBM Security Key Lifecycle Manager SQL injection |
| CVE-2023-1304 | 2023-03-21 | Rapid7 InsightCloudSec getattr() method access |
| CVE-2023-1305 | 2023-03-21 | Rapid7 InsightCloudSec box object access |
| CVE-2023-1306 | 2023-03-21 | Rapid7 InsightCloudSec resource.db() method access |
| CVE-2022-38458 | 2023-03-21 | A cleartext transmission vulnerability exists in the Remote Management functionality of Netgear Orbi Router RBR750 4.6.8.5. A specially-crafted man-in-the-middle attack can lead to a disclosure of sensitive information. |
| CVE-2022-36429 | 2023-03-21 | A command execution vulnerability exists in the ubus backend communications functionality of Netgear Orbi Satellite RBS750 4.6.8.5. A specially-crafted JSON object can lead to arbitrary command execution. An attacker can... |
| CVE-2022-37337 | 2023-03-21 | A command execution vulnerability exists in the access control functionality of Netgear Orbi Router RBR750 4.6.8.5. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make... |
| CVE-2022-38452 | 2023-03-21 | A command execution vulnerability exists in the hidden telnet service functionality of Netgear Orbi Router RBR750 4.6.8.5. A specially-crafted network request can lead to arbitrary command execution. An attacker can... |
| CVE-2018-25082 | 2023-03-21 | zwczou WeChat SDK Python to_xml xml external entity reference |
| CVE-2023-0391 | 2023-03-21 | MGT-COMMERCE CloudPanel Shared Certificate |
| CVE-2023-1168 | 2023-03-21 | Authenticated Remote Code Execution in Aruba CX Switches |
| CVE-2023-1261 | 2023-03-21 | Missing MAC layer security in Wi-SUN SDK |
| CVE-2023-1262 | 2023-03-21 | Missing MAC layer security in Wi-SUN Linux Border Router |
| CVE-2023-1528 | 2023-03-21 | Use after free in Passwords in Google Chrome prior to 111.0.5563.110 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML... |
| CVE-2023-1529 | 2023-03-21 | Out of bounds memory access in WebHID in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a malicious HID device. (Chromium security severity:... |
| CVE-2023-1530 | 2023-03-21 | Use after free in PDF in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
| CVE-2023-1531 | 2023-03-21 | Use after free in ANGLE in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
| CVE-2023-1532 | 2023-03-21 | Out of bounds read in GPU Video in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:... |
| CVE-2023-1533 | 2023-03-21 | Use after free in WebProtect in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
| CVE-2023-1534 | 2023-03-21 | Out of bounds read in ANGLE in Google Chrome prior to 111.0.5563.110 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted... |
| CVE-2022-46300 | 2023-03-21 | CVE-2022-46300 |
| CVE-2022-43512 | 2023-03-21 | CVE-2022-43512 |
| CVE-2022-41696 | 2023-03-21 | CVE-2022-41696 |
| CVE-2022-45121 | 2023-03-21 | CVE-2022-45121 |
| CVE-2022-45468 | 2023-03-21 | CVE-2022-45468 |
| CVE-2022-46286 | 2023-03-21 | CVE-2022-46286 |
| CVE-2023-27855 | 2023-03-21 | Rockwell Automation ThinManager ThinServer Path Traversal Upload |
| CVE-2023-27856 | 2023-03-21 | Rockwell Automation ThinManager ThinServer Path Traversal Download |
| CVE-2023-22256 | 2023-03-22 | AEM URL Redirection to Untrusted Site Security feature bypass |
| CVE-2023-22259 | 2023-03-22 | AEM URL Redirection to Untrusted Site Security feature bypass |
| CVE-2023-22265 | 2023-03-22 | AEM URL Redirection to Untrusted Site Security feature bypass |
| CVE-2023-25859 | 2023-03-22 | Adobe Illustrator Improper Input Validation Remote Code Execution Vulnerability |
| CVE-2023-25860 | 2023-03-22 | Adobe Illustrator Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| CVE-2023-25861 | 2023-03-22 | Adobe Illustrator Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| CVE-2023-25862 | 2023-03-22 | Adobe Illustrator Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| CVE-2023-26358 | 2023-03-22 | Adobe Creative Cloud AdobeExtensionService.exe local privilege escalation vulnerability |
| CVE-2023-26426 | 2023-03-22 | Adobe Illustrator (Beta) has a UAF vulnerability when parsing SVG files Arbitrary code execution |
| CVE-2023-26913 | 2023-03-22 | EVOLUCARE ECSIMAGING (aka ECS Imaging) < 6.21.5 is vulnerable to Cross Site Scripting (XSS) via new_movie.php. |
| CVE-2022-4095 | 2023-03-22 | A use-after-free flaw was found in Linux kernel before 5.19.2. This issue occurs in cmd_hdl_filter in drivers/staging/rtl8712/rtl8712_cmd.c, allowing an attacker to launch a local denial of service attack and gain... |
| CVE-2022-45003 | 2023-03-22 | Gophish through 0.12.1 allows attackers to cause a Denial of Service (DoS) via a crafted payload involving autofocus. |
| CVE-2022-45004 | 2023-03-22 | Gophish through 0.12.1 was discovered to contain a cross-site scripting (XSS) vulnerability via a crafted landing page. |
| CVE-2022-45634 | 2023-03-22 | An issue discovered in MEGAFEIS, BOFEI DBD+ Application for IOS & Android v1.4.4 allows authenticated attacker to gain access to sensitive account information |
| CVE-2023-0386 | 2023-03-22 | A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernel’s OverlayFS subsystem in how... |
| CVE-2023-1578 | 2023-03-22 | SQL Injection in pimcore/pimcore |
| CVE-2023-21615 | 2023-03-22 | Adobe Experience Manager \| Cross-site Scripting (Reflected XSS) (CWE-79) |
| CVE-2023-21616 | 2023-03-22 | Adobe Experience Manager \| Cross-site Scripting (Reflected XSS) (CWE-79) |
| CVE-2023-22252 | 2023-03-22 | AEM Reflected XSS Arbitrary code execution |
| CVE-2023-22253 | 2023-03-22 | AEM Reflected XSS Arbitrary code execution |
| CVE-2023-22254 | 2023-03-22 | AEM Reflected XSS Arbitrary code execution |
| CVE-2023-22257 | 2023-03-22 | AEM URL Redirection to Untrusted Site Security feature bypass |
| CVE-2023-22258 | 2023-03-22 | AEM URL Redirection to Untrusted Site Security feature bypass |
| CVE-2023-22260 | 2023-03-22 | AEM URL Redirection to Untrusted Site Security feature bypass |
| CVE-2023-22261 | 2023-03-22 | AEM URL Redirection to Untrusted Site Security feature bypass |
| CVE-2023-22262 | 2023-03-22 | AEM URL Redirection to Untrusted Site Security feature bypass |
| CVE-2023-22263 | 2023-03-22 | AEM URL Redirection to Untrusted Site Security feature bypass |
| CVE-2023-22264 | 2023-03-22 | AEM URL Redirection to Untrusted Site Security feature bypass |
| CVE-2023-22266 | 2023-03-22 | AEM URL Redirection to Untrusted Site Security feature bypass |
| CVE-2023-22269 | 2023-03-22 | AEM Reflected XSS Arbitrary code execution |
| CVE-2023-22271 | 2023-03-22 | AEM Weak Cryptography for Passwords Security feature bypass |
| CVE-2023-27054 | 2023-03-22 | A cross-site scripting (XSS) vulnerability in MiroTalk P2P before commit f535b35 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter under... |
| CVE-2023-27060 | 2023-03-22 | LightCMS v1.3.7 was discovered to contain a remote code execution (RCE) vulnerability via the image:make function. |
| CVE-2023-27100 | 2023-03-22 | Improper restriction of excessive authentication attempts in the SSHGuard component of Netgate pfSense Plus software v22.05.1 and pfSense CE software v2.6.0 allows attackers to bypass brute force protection mechanisms via... |
| CVE-2023-27224 | 2023-03-22 | An issue found in NginxProxyManager v.2.9.19 allows an attacker to execute arbitrary code via a lua script to the configuration file. |
| CVE-2023-27637 | 2023-03-22 | An issue was discovered in the tshirtecommerce (aka Custom Product Designer) component 2.1.4 for PrestaShop. An HTTP request can be forged with a compromised product_id GET parameter in order to... |
| CVE-2023-27638 | 2023-03-22 | An issue was discovered in the tshirtecommerce (aka Custom Product Designer) component 2.1.4 for PrestaShop. An HTTP request can be forged with a compromised tshirtecommerce_design_cart_id GET parameter in order to... |
| CVE-2023-27754 | 2023-03-22 | vox2mesh 1.0 has a stack overflow in main.cpp, caused by incorrect use of the memcpy() function. The flaw allows an attacker to cause a denial of service (abort) via a... |
| CVE-2023-28659 | 2023-03-22 | The Waiting: One-click Countdowns WordPress Plugin, version <= 0.6.2, is affected by an authenticated SQL injection vulnerability in the pbc_down[meta][id] parameter of the pbc_save_downs action. |
| CVE-2023-28660 | 2023-03-22 | The Events Made Easy WordPress Plugin, version <= 2.3.14 is affected by an authenticated SQL injection vulnerability in the 'search_name' parameter in the eme_recurrences_list action. |
| CVE-2023-28661 | 2023-03-22 | The WP Popup Banners WordPress Plugin, version <= 1.2.5, is affected by an authenticated SQL injection vulnerability in the 'value' parameter in the get_popup_data action. |
| CVE-2023-28662 | 2023-03-22 | The Gift Cards (Gift Vouchers and Packages) WordPress Plugin, version <= 4.3.1, is affected by an unauthenticated SQL injection vulnerability in the template parameter in the wpgv_doajax_voucher_pdf_save_func action. |
| CVE-2023-28663 | 2023-03-22 | The Formidable PRO2PDF WordPress Plugin, version < 3.11, is affected by an authenticated SQL injection vulnerability in the ‘fieldmap’ parameter in the fpropdf_export_file action. |
| CVE-2023-28664 | 2023-03-22 | The Meta Data and Taxonomies Filter WordPress plugin, in versions < 1.3.1, is affected by a reflected cross-site scripting vulnerability in the 'tax_name' parameter of the mdf_get_tax_options_in_widget action, which can... |
| CVE-2023-28665 | 2023-03-22 | The Woo Bulk Price Update WordPress plugin, in versions < 2.2.2, is affected by a reflected cross-site scripting vulnerability in the 'page' parameter to the techno_get_products action, which can only... |
| CVE-2023-28666 | 2023-03-22 | The InPost Gallery WordPress plugin, in versions < 2.2.2, is affected by a reflected cross-site scripting vulnerability in the 'imgurl' parameter to the add_inpost_gallery_slide_item action, which can only be triggered... |